Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080.

Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) ...

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthor...

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote ...

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, ...

SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.

SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php...

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute ...

Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.

Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.

Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.

AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.

Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bo...

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) seq...

SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.

Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.

The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the sam...

Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, ...

IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.

SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.

PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.